java source code of WebSecurityConfiguration

package com.dataagg.security.config;

import javax.sql.DataSource;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import com.dataagg.commons.service.SysUserDetailsService;

/**
 * Created by samchu on 2017/2/15.
 */
@Configuration
@EnableWebSecurity
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
	private static final Logger log = LoggerFactory.getLogger(WebSecurityConfiguration.class);
	//	@Autowired
	//	private CustomUserDetailsAuthenticationProvider customUserDetailsAuthenticationProvider;
	@Autowired
	private DataSource dataSource;
	//	@Autowired
	//	private ClientDetailsService clientDetailsService;
	@Autowired
	private SysUserDetailsService userDetailsService;
	//
	//	@Autowired
	//	private PersistentTokenRepository tokenRepository;

	@Autowired
	private PasswordEncoder passwordEncoder;

	//	private AuthenticationManager myAuthenticationManager = authentication -> {
	//		EUser userDetails = userDetailsService.fetchFullByName(authentication.getName());
	//		return new UsernamePasswordAuthenticationToken(userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());
	//	};

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		log.debug(">> WebSecurityConfiguration.configure AuthenticationManagerBuilder={}", auth);
		//		auth.authenticationProvider(customUserDetailsAuthenticationProvider);
		auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
		//		auth.inMemoryAuthentication().withUser("user").password("user").roles("USER").and().withUser("admin").password("admin").roles("ADMIN");
		log.debug("<< WebSecurityConfiguration.configure AuthenticationManagerBuilder");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// @formatter:off
//		http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
//		http.authorizeRequests().antMatchers("/static/**").permitAll().anyRequest().authenticated()
//        .and().formLogin().loginPage("/user/login").defaultSuccessUrl("/user/loginSuccess").failureUrl("/user/loginError").permitAll().and().csrf().disable();
		http.antMatcher("/**").authorizeRequests()
				.antMatchers("/**.html", "/user/log**", "/static/**").permitAll()
				.anyRequest().authenticated()
				.and().exceptionHandling()
				.and().formLogin().loginPage("/user/login").defaultSuccessUrl("/user/loginSuccess").failureUrl("/user/loginError").permitAll()
//				.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/user/login"))
				.and().logout().logoutUrl("/user/logout").logoutSuccessUrl("/user/login").permitAll()
				.and().csrf().disable()//csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
				//FIXME tokenRepository can't work well?
				//.rememberMe().tokenRepository(tokenRepository);
////				.userDetailsService(userDetailsService);
				;
		// @formatter:on
	}

	@Autowired
	public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
	}

	@Bean
	public TokenStore tokenStore() {
		JdbcTokenStore jdbcTokenStore = new JdbcTokenStore(dataSource);
		return jdbcTokenStore;
	}

	//	@Bean
	//	public JwtAccessTokenConverter jwtAccessTokenConverter() {
	//		final JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
	//		jwtAccessTokenConverter.setSigningKey("ASDFASFsdfsdfsdfsfadsf234asdfasfdas");
	//		// 註解掉的原因是因為跟原本的一樣，但記錄一下如果需要特別調整可以在這調
	//		// jwtAccessTokenConverter.setAccessTokenConverter(new CustomAccessTokenConverter());
	//		return jwtAccessTokenConverter;
	//	}

	@Bean
	public ClientDetailsService jdbcClientDetailsService() {
		return new JdbcClientDetailsService(dataSource);
	}

	//	@Bean
	//	public DefaultTokenServices getDefaultTokenServices() throws Exception {
	//		DefaultTokenServices tokenServices = new DefaultTokenServices();
	//		tokenServices.setAuthenticationManager(myAuthenticationManager);
	//		tokenServices.setTokenStore(tokenStore());
	//		tokenServices.setTokenEnhancer(jwtAccessTokenConverter());
	//		tokenServices.setClientDetailsService(clientDetailsService);
	//		tokenServices.setSupportRefreshToken(true);
	//		return tokenServices;
	//	}

	@Bean
	public PersistentTokenRepository tokenRepository() {
		JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
		//		tokenRepository.setCreateTableOnStartup(true);
		tokenRepository.setDataSource(dataSource);
		return tokenRepository;
	}
}